go-backend-clean-architecture

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH | EXTERNAL_DOWNLOADS | REMOTE_CODE_EXECUTION | COMMAND_EXECUTION
Full Analysis
  • [Unverifiable Dependencies & Remote Code Execution] (HIGH): The skill performs a git clone from an untrusted repository (https://github.com/amitshekhariitbhu/go-backend-clean-architecture.git) and subsequently executes go mod download and go run. This pattern allows for the execution of arbitrary code fetched from the internet without verification.
  • [Indirect Prompt Injection] (HIGH): The skill ingests untrusted data from an external repository and possesses the capability to compile and execute that data. Ingestion points: git clone in SKILL.md. Boundary markers: None present. Capability inventory: go build, go run, go mod download, mv, rm. Sanitization: No validation or sanitization of the cloned repository content is performed before execution.
  • [Command Execution] (MEDIUM): The skill utilizes shell commands to manipulate the filesystem (mv, rm -rf) and execute the Go compiler/runtime on downloaded content.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 12:01 AM